wavesskybird.blogg.se

Js:pdfka exploit mac cleaner

The fact is that on numerous occasions we thought we had resolved the issue and it was only through repeated emails from some of you that we realized how sophisticated the breach was and that the latest effort was not successful. Hindsight is 20/20 as they say and if we knew then what we know now we certainly would have handled things differently. WHY DIDN'T YOU SHUT DOWN THE SITE WHEN YOU FIRST FOUND OUT IT WAS INFECTED?


Moving to a new server caused the site to be inaccessible for the last 24 hours. We believe the issue is now resolved after applying additional fixes and, most importantly, moving to a new server. We also consulted constantly with our web hosting provider, but they were unable to provide any meaningful solutions. We undertook a number of fixes and upgrades in order to eliminate the vulnerability, but these proved to be unsuccessful.


What we realized is that despite our best efforts we still had a vulnerability in our server that was allowing the malicious code to be continuously re-inserted. Since we don't have a web security expert on staff, we sought the help of an external web security expert who provided additional tools for us to diagnose the issue. We even created a script to remove the code as soon as it appeared, but this didn't prove to be a viable solution. Unfortunately, however, the code kept getting inserted. After reviewing the files we were able to locate the malicious code and remove it. In the first few days of the attack, many of you sent us screenshots that helped us pinpoint the infected files. WHAT DID YOU DO TO TRY TO RESOLVE THE ISSUE?


The hacker (and we have no idea if they were Russian or from somewhere else) used it to infect 2 main JavaScript files on the site with malicious JavaScript code commonly named JSRedirector that loaded malware that exploits a vulnerability in Internet Explorer and Adobe Acrobat Reader which is recognized by anti-virus software under different names like JS:Pdfka-WD or To the best of our knowledge, the site was hacked with the r57shell backdoor which is made in PHP and created by Russian hackers. WHAT SPECIFICALLY WAS THE SOURCE OF THE MALWARE?


This might have included the home page being turned into an ad for Viagra, the ShareThis button or Google Search bar appearing at the top of the page, and pop-ups prompting you to download a suspicious PDF. Most of the weird things you might have seen on the site were related to the malware. Also, you're much more likely to have been infected if you use a PC/Windows rather than a Mac. For those of you who have good anti-virus software installed it's likely that your computer prevented the infection without you even knowing about it. IF I VISITED THE SITE OVER THE PAST FEW WEEKS, DOES THAT MEAN I'M INFECTED? We also strongly recommend switching to a securer, better browser like Firefox or Safari, and keeping your Adobe Acrobat Reader software up to date. We also suggest running an anti-spyware on top of that to double check your computer is clean from any traces of the malware.


If your computer has been infected, we recommend installing anti-virus software or updating the virus definitions of your existing one and running a full scan. HOW DO I KNOW IF MY COMPUTER WAS INFECTED? Google have removed the warnings, so hopefully these messages will disappear soon if you're still seeing them. Last night we asked Google to review the site again and it appears they agree with us that the site is now clean. We believe the malware has been removed, however, so it's possible that if you're still seeing malware warnings it could be from a cached page or from Google (as the site was temporarily flagged as a distributor of malware). If you're still seeing malware warnings please notify me immediately at tim blogto.


Now, after weeks of working on the problem, and having taken the site offline for the past 24 hours, we believe the site is now clean and it's safe to begin browsing blogTO again. For those of you interested in learning more about the issue, I have put together this FAQ that will hopefully answer most of your questions.


We realize that many of you had your own computers infected as a result and for this we apologize. In a nutshell, our site was infected with sophisticated and malicious malware that we had great difficulty eradicating despite constant and numerous efforts.


Our initial efforts to resolve this were unsuccessful and since that time we've been working diligently behind the scenes to diagnose exactly what was happening to the site and how we could fix it. A few weeks ago, we started getting reports that many of you were seeing malware, trojan horses and other virus warnings when you visited the site.


During the past few weeks many of you may have noticed the site wasn't functioning at optimal health.










